Using FRITZ!VPN to access multiple IP networks behind a FRITZ!Box

The FRITZ!VPN software allows you to establish a secure VPN (Virtual Private Network) connection over the internet from a Windows computer to your FRITZ!Box and then access all of the network devices and services in the FRITZ!Box home network.

If an additional network router in the FRITZ!Box home network connects the IP network of this FRITZ!Box with a second IP network, you must configure additional settings in order to be able to access network devices in the second IP network over the VPN connection.

Example values used in this guide

In this guide we show you how to use FRITZ!VPN to configure VPN access to another IP network behind the remote FRITZ!Box. When adjusting the connection settings, replace the values used in this example with actual values.

IP addresses of the network router in the FRITZ!Box network:192.168.20.2 and 192.168.21.1

Note:The configuration procedure and notes on functions given in this guide refer to the latest FRITZ!OS for your FRITZ!Box.

1 Adjusting the VPN settings for FRITZ!VPN

Start the Configure FRITZ!Box VPN Connection software.

In the "Existing Configurations" window, click on the plus sign in front of the FRITZ!Box's MyFRITZ! domain name (pi80ewgfi72d2os42.myfritz.net) and select the email address of the VPN user (john@smith.com) who is to access the IP network of the network router connected to the FRITZ!Box.

Click "Explorer" and open the file named "vpnuser_[...].cfg" with a text editor, for example WordPad.

Look for the entry "accesslist" and add the IP network of the network router connected to the FRITZ!Box to this entry:

acesslist =

"permit ip any 192.168.20.0 255.255.255.0",

"permit ip any 192.168.21.0 255.255.255.0";

Important:Entries for the IP networks must be separated by commas and the value for "accesslist" must close with a semicolon.

Save the changes and import the adjusted file "vpnuser_[...].cfg" to FRITZ!VPN.

2 Configuring the FRITZ!Box

Adjusting the FRITZ!Box's VPN settings

Start the Configure FRITZ!Box VPN Connection software.

In the "Existing Configurations" window, select the the FRITZ!Box's MyFRITZ! domain name (pi80ewgfi72d2os42.myfritz.net) and click on "Explorer".

Open the file named "fritzbox_[...].cfg" with a text editor (for example WordPad).

Search for the section in which the "name" entry has been assigned the email address of the VPN user (john@smith.com) who should access the IP network of the network router connected to the FRITZ!Box.

Look for the entry "accesslist" in this section and add the IP network of the network router connected to the FRITZ!Box to this entry:

acesslist =

"permit ip 192.168.20.0 255.255.255.0 192.168.20.201 255.255.255.0",

"permit ip 192.168.21.0 255.255.255.0 192.168.20.201 255.255.255.0",

Important:Entries for the IP networks must be separated by commas and the value for "accesslist" must close with a semicolon.

Save the changes and import the adjusted file "fritzbox_[...].cfg" to the FRITZ!Box.

Configuring a static IP route in the FRITZ!Box

Configure a static IP route in the FRITZ!Box so that network devices in the FRITZ!Box's IP network (192.168.20.0/24) can access the IP network of the network router connected to the FRITZ!Box (192.168.21.0/24):